package com.xhsj.user.security.config;

import com.xhsj.user.security.service.IntegrationUserDetailsService;
import com.xhsj.user.utils.PermitAllUrl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/**
 * @Auther: 苏小林
 * @Date: 2020/8/27 09:38
 * @Description:
 * Security核心配置类
 * WebSecurityConfigurerAdapter 是springsecurity提供的一个适配器 他是专门作用web应用的安全适配器
 */
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    //    @Autowired
//    public MyUserDetailsService myUserDetailsService;
    @Autowired
    private IntegrationUserDetailsService integrationUserDetailsService;
    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    /**
     * 全局用户信息<br>
     * 方法上的注解@Autowired的意思是，方法的参数的值是从spring容器中获取的<br>
     * 即参数AuthenticationManagerBuilder是spring中的一个Bean
     *
     * @param auth 认证管理
     * @throws Exception 用户认证异常信息
     */
    @Autowired
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(integrationUserDetailsService).passwordEncoder(passwordEncoder);
    }

    /**
     * 认证管理
     *
     * @return 认证管理对象
     * @throws Exception
     *             认证异常信息
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * http安全配置
     *
     * @param http
     *            http安全对象
     * @throws Exception
     *             http安全异常信息
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers(PermitAllUrl.permitAllUrl(
                        "/users-anon/**",
                        "/oauth/token",
                        "/file/download/**",
                        "/file/delete",
                        "/file/deleteFileDb",
                        "/file/deleteContractFile",
                        "/file/deletePatentFile",
                        "/file/preview",
                        "/system/test/**",
                        "/user/tbGlobalUser/sendCode",
                        "/user/tbGlobalUser/updatePwdForget"
                )).permitAll() // 放开权限的url
                .anyRequest().authenticated()
                .and()
                .httpBasic()
//                .and().headers().frameOptions().disable()
                .and().csrf().disable();
    }

//    @Override
//    public void configure(WebSecurity web) throws Exception {
//        //解决静态资源被拦截的问题
//        web.ignoring().antMatchers("/**");
//    }
}

